Name: libarchive
Version: 3.1.2
Release: 14%{?dist}
Summary: A library for handling streaming archive formats
Group: System Environment/Libraries
License: BSD
URL: http://www.libarchive.org/
Source0: http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bison
BuildRequires: sharutils
BuildRequires: zlib-devel
BuildRequires: bzip2-devel
BuildRequires: xz-devel
BuildRequires: lzo-devel
BuildRequires: e2fsprogs-devel
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: openssl-devel
BuildRequires: libxml2-devel
BuildRequires: automake autoconf libtool
# CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
# https://bugzilla.redhat.com/show_bug.cgi?id=927105
Patch0: libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
Patch1: libarchive-3.1.2-testsuite.patch
# A bunch of security patches from 2016 summer
Patch2: libarchive-3.1.2-rhbz-1347085.patch
Patch3: libarchive-3.1.2-rhbz-1347086.patch
Patch4: libarchive-3.1.2-CVE-2015-8916-CVE-2015-8917.patch
Patch5: libarchive-3.1.2-CVE-2015-8919.patch
Patch6: libarchive-3.1.2-CVE-2015-8920.patch
Patch7: libarchive-3.1.2-CVE-2015-8921.patch
Patch8: libarchive-3.1.2-CVE-2015-8922.patch
Patch9: libarchive-3.1.2-CVE-2015-8923.patch
Patch10: libarchive-3.1.2-CVE-2015-8924.patch
Patch11: libarchive-3.1.2-CVE-2015-8925.patch
Patch12: libarchive-3.1.2-CVE-2015-8926.patch
Patch13: libarchive-3.1.2-CVE-2015-8928.patch
Patch14: libarchive-3.1.2-CVE-2015-8930.patch
Patch15: libarchive-3.1.2-CVE-2015-8931.patch
Patch16: libarchive-3.1.2-CVE-2015-8932.patch
Patch17: libarchive-3.1.2-CVE-2015-8934.patch
Patch18: libarchive-3.1.2-CVE-2016-4300.patch
Patch19: libarchive-3.1.2-CVE-2016-4302.patch
Patch20: libarchive-3.1.2-CVE-2016-4809.patch
Patch21: libarchive-3.1.2-CVE-2016-5844.patch
Patch22: libarchive-3.1.2-CVE-2016-1541.patch
Patch23: libarchive-3.1.2-CVE-2016-5418.patch
Patch24: libarchive-3.1.2-CVE-2016-5418-variation.patch
Patch25: libarchive-3.1.2-CVE-2017-14503.patch
Patch26: libarchive-3.1.2-CVE-2019-1000019.patch
Patch27: libarchive-3.1.2-CVE-2019-1000020.patch
Patch28: libarchive-3.3.2-CVE-2018-1000878.patch
Patch29: libarchive-3.3.2-CVE-2018-1000877.patch
Patch30: libarchive-3.2.1-CVE-2019-18408.patch
%description
Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio
formats, and both BSD and GNU ar variants. It can also write shar archives and
read ISO9660 CDROM images and ZIP archives.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package -n bsdtar
Summary: Manipulate tape archives
Group: Applications/File
Requires: %{name} = %{version}-%{release}
%description -n bsdtar
The bsdtar package contains standalone bsdtar utility split off regular
libarchive packages.
%package -n bsdcpio
Summary: Copy files to and from archives
Group: Applications/File
Requires: %{name} = %{version}-%{release}
%description -n bsdcpio
The bsdcpio package contains standalone bsdcpio utility split off regular
libarchive packages.
%global _hardened_build 1
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1 -b .CVE-2013-0211
# fix bugs in testsuite
# ~> upstream ~> 26629c191a & b539b2e597 & 9caa49246
%patch1 -p1 -b .fix-testsuite
%patch2 -p1 -b .rhbz-1347085
%patch3 -p1 -b .rhbz-1347086
%patch4 -p1 -b .CVE-2015-8916-CVE-2015-8917
%patch5 -p1 -b .CVE-2015-8919
%patch6 -p1 -b .CVE-2015-8920
%patch7 -p1 -b .CVE-2015-8921
%patch8 -p1 -b .CVE-2015-8922
%patch9 -p1 -b .CVE-2015-8923
%patch10 -p1 -b .CVE-2015-8924
%patch11 -p1 -b .CVE-2015-8925
%patch12 -p1 -b .CVE-2015-8926
%patch13 -p1 -b .CVE-2015-8928
%patch14 -p1 -b .CVE-2015-8930
%patch15 -p1 -b .CVE-2015-8931
%patch16 -p1 -b .CVE-2015-8932
%patch17 -p1 -b .CVE-2015-8934
%patch18 -p1 -b .CVE-2016-4300
%patch19 -p1 -b .CVE-2016-4302
%patch20 -p1 -b .CVE-2016-4809
%patch21 -p1 -b .CVE-2016-5844
%patch22 -p1 -b .CVE-2016-1541
%patch23 -p1 -b .CVE-2016-5418
%patch24 -p1 -b .CVE-2016-5418-var
%patch25 -p1 -b .CVE-2017-14503
%patch26 -p1 -b .CVE-2019-1000019
%patch27 -p1 -b .CVE-2019-1000020
%patch28 -p1 -b .CVE-2019-1000878
%patch29 -p1 -b .CVE-2019-1000877
%patch30 -p1 -b .CVE-2019-18408
%build
build/autogen.sh
%configure --disable-static --disable-rpath
# remove rpaths
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
test -z "$V" && verbose_make="V=1"
make %{?_smp_mflags} $verbose_make
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
%check
run_testsuite()
{
LD_LIBRARY_PATH=`pwd`/.libs make check -j1
res=$?
echo $res
if [ $res -ne 0 ]; then
# error happened - try to extract in koji as much info as possible
cat test-suite.log
echo "========================="
err=`cat test-suite.log | grep "Details for failing tests" | cut -d: -f2`
for i in $err; do
find $i -printf "%p\n ~> a: %a\n ~> c: %c\n ~> t: %t\n ~> %s B\n"
echo "-------------------------"
cat $i/*.log
done
return 1
else
find -name '*_test.log' -exec cat {} +
return 0
fi
}
# On a ppc/ppc64 is some race condition causing 'make check' fail on ppc
# when both 32 and 64 builds are done in parallel on the same machine in
# koji. Try to run once again if failed.
%ifarch ppc
run_testsuite || run_testsuite
%else
run_testsuite
%endif
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%doc COPYING README NEWS
%{_libdir}/libarchive.so.13*
%{_mandir}/*/cpio.*
%{_mandir}/*/mtree.*
%{_mandir}/*/tar.*
%files devel
%defattr(-,root,root,-)
%doc
%{_includedir}/*.h
%{_mandir}/*/archive*
%{_mandir}/*/libarchive*
%{_libdir}/libarchive.so
%{_libdir}/pkgconfig/libarchive.pc
%files -n bsdtar
%defattr(-,root,root,-)
%doc COPYING README NEWS
%{_bindir}/bsdtar
%{_mandir}/*/bsdtar*
%files -n bsdcpio
%defattr(-,root,root,-)
%doc COPYING README NEWS
%{_bindir}/bsdcpio
%{_mandir}/*/bsdcpio*
%changelog
* Fri Jan 17 2020 Patrik Novotný <panovotn@redhat.com> - 3.1.2-14
- Fix patch application error
* Wed Jan 15 2020 Patrik Novotný <panovotn@redhat.com> - 3.1.2-13
- Fix CVE-2019-18408: RAR use-after-free
* Tue Apr 30 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.1.2-12
- fixed use after free in RAR decoder (#1700749)
- fixed double free in RAR decoder (#1700748)
* Fri Feb 22 2019 Pavel Raiskup <praiskup@redhat.com> - 3.1.2-11
- fix out-of-bounds read within lha_read_data_none() (CVE-2017-14503)
- fix crash on crafted 7zip archives (CVE-2019-1000019)
- fix infinite loop in ISO9660 (CVE-2019-1000020)
* Fri Aug 12 2016 Petr Kubat <pkubat@redhat.com> - 3.1.2-10
- Fixes variation of CVE-2016-5418: Hard links could include ".." in their path.
* Thu Aug 11 2016 Petr Kubat <pkubat@redhat.com> - 3.1.2-9
- Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365777)
* Fri Jul 08 2016 Pavel Raiskup <praiskup@redhat.com> - 3.1.2-8
- a bunch of security fixes (rhbz#1353065)
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.1.2-7
- Mass rebuild 2014-01-24
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 3.1.2-6
- Mass rebuild 2013-12-27
* Mon Jul 22 2013 Pavel Raiskup <praiskup@redhat.com> - 3.1.2-5
- try to workaround racy testsuite fail
* Sun Jun 30 2013 Pavel Raiskup <praiskup@redhat.com> - 3.1.2-4
- enable testsuite in the %%check phase
* Mon Jun 24 2013 Pavel Raiskup <praiskup@redhat.com> - 3.1.2-3
- bsdtar/bsdcpio should require versioned libarchive
* Wed Apr 3 2013 Tomas Bzatek <tbzatek@redhat.com> - 3.1.2-2
- Remove libunistring-devel build require
* Thu Mar 28 2013 Tomas Bzatek <tbzatek@redhat.com> - 3.1.2-1
- Update to 3.1.2
- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jan 14 2013 Tomas Bzatek <tbzatek@redhat.com> - 3.1.1-1
- Update to 3.1.1
- NEWS seems to be valid UTF-8 nowadays
* Wed Oct 03 2012 Pavel Raiskup <praiskup@redhat.com> - 3.0.4-3
- better install manual pages for libarchive/bsdtar/bsdcpio (# ... )
- several fedora-review fixes ...:
- Source0 has moved to github.com
- remove trailing white spaces
- repair summary to better describe bsdtar/cpiotar utilities
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 7 2012 Tomas Bzatek <tbzatek@redhat.com> - 3.0.4-1
- Update to 3.0.4
* Wed Feb 1 2012 Tomas Bzatek <tbzatek@redhat.com> - 3.0.3-2
- Enable bsdtar and bsdcpio in separate subpackages (#786400)
* Fri Jan 13 2012 Tomas Bzatek <tbzatek@redhat.com> - 3.0.3-1
- Update to 3.0.3
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.0-0.3.a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 15 2011 Rex Dieter <rdieter@fedoraproject.org> 3.0.0-0.2.a
- track files/sonames closer, so abi bumps aren't a surprise
- tighten subpkg deps via %%_isa
* Mon Nov 14 2011 Tomas Bzatek <tbzatek@redhat.com> - 3.0.0-0.1.a
- Update to 3.0.0a (alpha release)
* Mon Sep 5 2011 Tomas Bzatek <tbzatek@redhat.com> - 2.8.5-1
- Update to 2.8.5
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jan 13 2011 Tomas Bzatek <tbzatek@redhat.com> - 2.8.4-2
- Rebuild for new xz-libs
* Wed Jun 30 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.8.4-1
- Update to 2.8.4
* Fri Jun 25 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.8.3-2
- Fix ISO9660 reader data type mismatches (#597243)
* Tue Mar 16 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.8.3-1
- Update to 2.8.3
* Mon Mar 8 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.8.1-1
- Update to 2.8.1
* Fri Feb 5 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.8.0-1
- Update to 2.8.0
* Wed Jan 6 2010 Tomas Bzatek <tbzatek@redhat.com> - 2.7.902a-1
- Update to 2.7.902a
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.7.1-2
- rebuilt with new openssl
* Fri Aug 7 2009 Tomas Bzatek <tbzatek@redhat.com> 2.7.1-1
- Update to 2.7.1
- Drop deprecated lzma dependency, libxz handles both formats
* Mon Jul 27 2009 Tomas Bzatek <tbzatek@redhat.com> 2.7.0-3
- Enable XZ compression format
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue May 12 2009 Tomas Bzatek <tbzatek@redhat.com> 2.7.0-1
- Update to 2.7.0
* Fri Mar 6 2009 Tomas Bzatek <tbzatek@redhat.com> 2.6.2-1
- Update to 2.6.2
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Feb 16 2009 Tomas Bzatek <tbzatek@redhat.com> 2.6.1-1
- Update to 2.6.1
* Thu Jan 8 2009 Tomas Bzatek <tbzatek@redhat.com> 2.6.0-1
- Update to 2.6.0
* Mon Dec 15 2008 Tomas Bzatek <tbzatek@redhat.com> 2.5.904a-1
- Update to 2.5.904a
* Tue Dec 9 2008 Tomas Bzatek <tbzatek@redhat.com> 2.5.903a-2
- Add LZMA support
* Mon Dec 8 2008 Tomas Bzatek <tbzatek@redhat.com> 2.5.903a-1
- Update to 2.5.903a
* Tue Jul 22 2008 Tomas Bzatek <tbzatek@redhat.com> 2.5.5-1
- Update to 2.5.5
* Wed Apr 2 2008 Tomas Bzatek <tbzatek@redhat.com> 2.4.17-1
- Update to 2.4.17
* Wed Mar 19 2008 Tomas Bzatek <tbzatek@redhat.com> 2.4.14-1
- Initial packaging